Date: Sun, 25 Sep 2022 11:33:44 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling
Message-ID: <bug-266598-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266598

            Bug ID: 266598
           Summary: if_ovpn(4) DCO module not supporting correctly IPv6 tunneling
           Product: Base System
           Version: CURRENT
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: zarychtam@plan-b.pwste.edu.pl

Created attachment 236804
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=236804&action=edit
Traffic sniffed at DCO side

In the beginning, let me thank and express my sincere appreciation to anyone
involved in creating if_ovpn.ko and updating security/openvpn-devel with regard
to testing DCO support, especially kp@, cron2 and mandree@.

I have spent some time this weekend testing this and found two flaws in
tunneling IPv6 traffic when DCO is used. After reverting to standard tun(4),
everything works as expected.

1. I am not able to establish an ssh session using IPv6 over the tunnel. It
looks like a problem with large TCP segments, known i.e. when MTU discovery
fails.

2. Sniffing traffic with tcpdump(1) on tun(4), when observed at DCO endpoint,
reveals only packets originating from the tunnel are visible, not ones sent
over the tunnel.

In the attached files, the IPv6 address 2001:db8:1:c0:2::1 belongs to a FreeBSD
client with DCO enabled.

-- 
You are receiving this mail because:
You are the assignee for the bug.